cybernews

fuite de donnée enregistrée

Latest News


CVE-2025-47966 - Power Automate Privilege Escalation Information Exposure

CVE ID : CVE-2025-47966
Published : June 5, 2025, 9:15 p.m. | 29 minutes ago
Description : Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 21:15:00 GMT

read more

CVE-2025-48133 - Uncanny Owl Uncanny Automator Missing Authorization Vulnerability

CVE ID : CVE-2025-48133
Published : June 5, 2025, 9:15 p.m. | 29 minutes ago
Description : Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through 6.4.0.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 21:15:00 GMT

read more

CVE-2025-5694 - PHPGurukul Human Metapneumovirus Testing Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5694
Published : June 5, 2025, 9:15 p.m. | 29 minutes ago
Description : A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 21:15:00 GMT

read more

CVE-2025-5695 - FLIR AX8 Command Injection Vulnerability

CVE ID : CVE-2025-5695
Published : June 5, 2025, 9:15 p.m. | 29 minutes ago
Description : A vulnerability classified as critical has been found in FLIR AX8 up to 1.46.16. This affects the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscriptions.php of the component Backend. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.55.16 is able to address this issue. It is recommended to upgrade the affected component.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 21:15:00 GMT

read more

CVE-2025-43026 - HP Support Assistant Privilege Escalation Vulnerability

CVE ID : CVE-2025-43026
Published : June 5, 2025, 8:15 p.m. | 1 hour, 29 minutes ago
Description : A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 20:15:00 GMT

read more

CVE-2025-5680 - Shenzhen Dashi Tongzhou Information Technology AgileBPM Groovy Script Handler Remote Deserialization Vulnerability

CVE ID : CVE-2025-5680
Published : June 5, 2025, 8:15 p.m. | 1 hour, 29 minutes ago
Description : A vulnerability classified as critical was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected by this vulnerability is the function executeScript of the file /src/main/java/com/dstz/sys/rest/controller/SysScriptController.java of the component Groovy Script Handler. The manipulation of the argument script leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 20:15:00 GMT

read more

CVE-2025-5685 - Tenda CH22 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5685
Published : June 5, 2025, 8:15 p.m. | 1 hour, 29 minutes ago
Description : A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 20:15:00 GMT

read more

CVE-2025-5693 - PHPGurukul Human Metapneumovirus Testing Management System SQL Injection

CVE ID : CVE-2025-5693
Published : June 5, 2025, 8:15 p.m. | 1 hour, 29 minutes ago
Description : A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 20:15:00 GMT

read more

CVE-2025-5745 - IBM Power10 GNU C Library Unpredictable String Comparison Vulnerability

CVE ID : CVE-2025-5745
Published : June 5, 2025, 8:15 p.m. | 1 hour, 29 minutes ago
Description : The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 20:15:00 GMT

read more

CVE-2025-5674 - "Code-Projects Patient Record Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5674
Published : June 5, 2025, 7:15 p.m. | 2 hours, 29 minutes ago
Description : A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file urinalysis_form.php. The manipulation of the argument urinalysis_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 19:15:00 GMT

read more

CVE-2025-5675 - Campcodes Online Teacher Record Management System SQL Injection

CVE ID : CVE-2025-5675
Published : June 5, 2025, 7:15 p.m. | 2 hours, 29 minutes ago
Description : A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /trms/admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 19:15:00 GMT

read more

CVE-2025-5676 - Campcodes Online Recruitment Management System SQL Injection

CVE ID : CVE-2025-5676
Published : June 5, 2025, 7:15 p.m. | 2 hours, 29 minutes ago
Description : A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 19:15:00 GMT

read more

CVE-2025-5677 - Campcodes Online Recruitment Management System SQL Injection

CVE ID : CVE-2025-5677
Published : June 5, 2025, 7:15 p.m. | 2 hours, 29 minutes ago
Description : A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/ajax.php?action=save_application. The manipulation of the argument position_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 19:15:00 GMT

read more

CVE-2025-5679 - Shenzhen Dashi Tongzhou Information Technology AgileBPM Deserialization Remote Code Execution Vulnerability

CVE ID : CVE-2025-5679
Published : June 5, 2025, 7:15 p.m. | 2 hours, 29 minutes ago
Description : A vulnerability classified as critical has been found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected is the function parseStrByFreeMarker of the file /src/main/java/com/dstz/sys/rest/controller/SysToolsController.java. The manipulation of the argument str leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 19:15:00 GMT

read more

CVE-2025-5702 - IBM Power10 GNU C Library Uninitialized Register Use

CVE ID : CVE-2025-5702
Published : June 5, 2025, 7:15 p.m. | 2 hours, 29 minutes ago
Description : The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 19:15:00 GMT

read more

CVE-2025-46257 - BdThemes Element Pack Pro CSRF Vulnerability

CVE ID : CVE-2025-46257
Published : June 5, 2025, 6:15 p.m. | 3 hours, 29 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a before 8.0.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 18:15:00 GMT

read more

CVE-2025-46258 - BdThemes Element Pack Pro Missing Authorization Vulnerability

CVE ID : CVE-2025-46258
Published : June 5, 2025, 6:15 p.m. | 3 hours, 29 minutes ago
Description : Missing Authorization vulnerability in BdThemes Element Pack Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Pack Pro: from n/a before 8.0.0.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 18:15:00 GMT

read more

CVE-2025-5671 - TOTOLINK N302R Plus HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5671
Published : June 5, 2025, 6:15 p.m. | 3 hours, 29 minutes ago
Description : A vulnerability, which was classified as critical, was found in TOTOLINK N302R Plus up to 3.4.0-B20201028. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 18:15:00 GMT

read more

CVE-2025-5672 - TOTOLINK N302R Plus HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5672
Published : June 5, 2025, 6:15 p.m. | 3 hours, 29 minutes ago
Description : A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 18:15:00 GMT

read more

CVE-2025-48493 - "Redis AUTH Credentials Exposed in Yii Logs"

CVE ID : CVE-2025-48493
Published : June 5, 2025, 5:15 p.m. | 4 hours, 29 minutes ago
Description : The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. Version 2.0.20 fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 17:15:00 GMT

read more

CVE-2025-49009 - Facebook Para Facebook Auth Token Information Disclosure

CVE ID : CVE-2025-49009
Published : June 5, 2025, 5:15 p.m. | 4 hours, 29 minutes ago
Description : Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in `FacebookAuthFilter.java` results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access token in plain text. Since WARN-level logs are often retained in production and accessible to operators or log aggregation systems, this poses a risk of token exposure. Version 1.50.8 fixes the issue.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 17:15:00 GMT

read more

CVE-2025-5668 - PHPGurukul Medical Card Generation System SQL Injection Vulnerability

CVE ID : CVE-2025-5668
Published : June 5, 2025, 5:15 p.m. | 4 hours, 29 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/readenq.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 17:15:00 GMT

read more

CVE-2025-5669 - PHPGurukul Medical Card Generation System SQL Injection

CVE ID : CVE-2025-5669
Published : June 5, 2025, 5:15 p.m. | 4 hours, 29 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0. This vulnerability affects unknown code of the file /admin/unreadenq.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 17:15:00 GMT

read more

CVE-2025-5670 - PHPGurukul Medical Card Generation System SQL Injection

CVE ID : CVE-2025-5670
Published : June 5, 2025, 5:15 p.m. | 4 hours, 29 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/manage-card.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 17:15:00 GMT

read more

CVE-2025-5667 - FreeFloat FTP Server REIN Command Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5667
Published : June 5, 2025, 4:15 p.m. | 5 hours, 29 minutes ago
Description : A vulnerability was found in FreeFloat FTP Server 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component REIN Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 16:15:00 GMT

read more

CVE-2025-5666 - FreeFloat FTP Server XMKD Command Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5666
Published : June 5, 2025, 4:15 p.m. | 4 hours, 53 minutes ago
Description : A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component XMKD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 16:15:00 GMT

read more

CVE-2025-5664 - FreeFloat FTP Server Buffer Overflow Vulnerability

CVE ID : CVE-2025-5664
Published : June 5, 2025, 3:15 p.m. | 5 hours, 53 minutes ago
Description : A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RESTART Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 15:15:00 GMT

read more

CVE-2025-5665 - FreeFloat FTP Server XCWD Command Handler Buffer Overflow

CVE ID : CVE-2025-5665
Published : June 5, 2025, 3:15 p.m. | 5 hours, 53 minutes ago
Description : A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component XCWD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 15:15:00 GMT

read more

CVE-2025-5663 - PHPGurukul Auto Taxi Stand Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5663
Published : June 5, 2025, 2:15 p.m. | 6 hours, 53 minutes ago
Description : A vulnerability has been found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search-autoortaxi.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-30084 - Joomla RSMail! Stored XSS

CVE ID : CVE-2025-30084
Published : June 5, 2025, 2:15 p.m. | 6 hours, 13 minutes ago
Description : A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-3768 - Devolutions Server Tor Network Bypass Vulnerability

CVE ID : CVE-2025-3768
Published : June 5, 2025, 2:15 p.m. | 6 hours, 13 minutes ago
Description : Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-47827 - IGEL OS Boot Signature Verification Bypass

CVE ID : CVE-2025-47827
Published : June 5, 2025, 2:15 p.m. | 6 hours, 13 minutes ago
Description : In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-5382 - Devolutions Server Access Control Bypass

CVE ID : CVE-2025-5382
Published : June 5, 2025, 2:15 p.m. | 6 hours, 13 minutes ago
Description : Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-5661 - "Traffic Offense Reporting System XSS Vulnerability"

CVE ID : CVE-2025-5661
Published : June 5, 2025, 2:15 p.m. | 6 hours, 13 minutes ago
Description : A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument site_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-0691 - Devolutions Server Access Control Bypass

CVE ID : CVE-2025-0691
Published : June 5, 2025, 2:15 p.m. | 3 hours, 29 minutes ago
Description : Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-27445 - RSFirewall Joomla Path Traversal Vulnerability

CVE ID : CVE-2025-27445
Published : June 5, 2025, 2:15 p.m. | 3 hours, 29 minutes ago
Description : A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-27753 - Joomla RSMediaGallery SQL Injection

CVE ID : CVE-2025-27753
Published : June 5, 2025, 2:15 p.m. | 3 hours, 29 minutes ago
Description : A SQLi vulnerability in RSMediaGallery component 1.7.4 - 2.1.6 for Joomla was discovered. The vulnerability is due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker to inject malicious SQL code through unsanitized input fields, which are used directly in SQL queries. Exploiting this flaw can lead to unauthorized database access, data leakage, or modification of records.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-27754 - Joomla RSBlog! Stored Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-27754
Published : June 5, 2025, 2:15 p.m. | 3 hours, 29 minutes ago
Description : A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affected content.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-5658 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5658
Published : June 5, 2025, 1:15 p.m. | 4 hours, 29 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function of the file /admin/updatecomplaint.php. The manipulation of the argument Status leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 13:15:00 GMT

read more

CVE-2025-5659 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5659
Published : June 5, 2025, 1:15 p.m. | 4 hours, 29 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Complaint Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /user/profile.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 13:15:00 GMT

read more

CVE-2025-5660 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5660
Published : June 5, 2025, 1:15 p.m. | 4 hours, 29 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 2.0. Affected by this issue is some unknown functionality of the file /user/register-complaint.php. The manipulation of the argument noc leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 13:15:00 GMT

read more

CVE-2025-5656 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5656
Published : June 5, 2025, 12:15 p.m. | 5 hours, 29 minutes ago
Description : A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-category.php. The manipulation of the argument description leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

CVE-2025-5657 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5657
Published : June 5, 2025, 12:15 p.m. | 5 hours, 29 minutes ago
Description : A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument uid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

CVE-2025-5701 - HyperComments WordPress Privilege Escalation Vulnerability

CVE ID : CVE-2025-5701
Published : June 5, 2025, 12:15 p.m. | 5 hours, 29 minutes ago
Description : The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

CVE-2011-10007 - Apache::FileFind::Rule Arbitrary Code Execution Vulnerability

CVE ID : CVE-2011-10007
Published : June 5, 2025, 12:15 p.m. | 5 hours, 13 minutes ago
Description : File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename. A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed. Example: $ mkdir /tmp/poc; echo > "/tmp/poc/|id" $ perl -MFile::Find::Rule \     -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

CVE-2025-5341 - Forminator Forms Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-5341
Published : June 5, 2025, 12:15 p.m. | 5 hours, 13 minutes ago
Description : The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id' and 'data-size’ parameters in all versions up to, and including, 1.44.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

Retour sur le webinaire « Comment se faire labelliser ExpertCyber ? »

Organisé le 3 juin 2025, le webinaire « Comment se faire labelliser ExpertCyber ? » avait pour objectif de présenter les enjeux et modalités de la labellisation ExpertCyber, destinée aux prestataires de services informatique justifiant d’une expertise en cybersécurité.

Thu, 05 Jun 2025 12:02:00 GMT

read more

CVE-2025-5653 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5653
Published : June 5, 2025, 11:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability has been found in PHPGurukul Complaint Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/between-date-userreport.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 11:15:00 GMT

read more

CVE-2025-5654 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5654
Published : June 5, 2025, 11:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in PHPGurukul Complaint Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-state.php. The manipulation of the argument description leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 11:15:00 GMT

read more

CVE-2025-5655 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5655
Published : June 5, 2025, 11:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument subcategory leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 11:15:00 GMT

read more

CVE-2025-5651 - "Traffic Offense Reporting System Cross-Site Scripting Vulnerability"

CVE ID : CVE-2025-5651
Published : June 5, 2025, 10:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in code-projects Traffic Offense Reporting System 1.0. This issue affects some unknown processing of the file saveuser.php. The manipulation of the argument user_id/username/email/name/position leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 10:15:00 GMT

read more

CVE-2025-5652 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5652
Published : June 5, 2025, 10:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function of the file /admin/between-date-complaintreport.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 10:15:00 GMT

read more

CVE-2025-4568 - Apache HTTP Server Blind SQL Injection

CVE ID : CVE-2025-4568
Published : June 5, 2025, 10:15 a.m. | 4 hours, 13 minutes ago
Description : Improper neutralization of input provided by an unauthorized user into changes__reference_id parameter in URL allows for boolean-based Blind SQL Injection attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 10:15:00 GMT

read more

CVE-2025-5650 - 1000projects Online Notice Board SQL Injection Vulnerability

CVE ID : CVE-2025-5650
Published : June 5, 2025, 10:15 a.m. | 4 hours, 13 minutes ago
Description : A vulnerability classified as critical was found in 1000projects Online Notice Board 1.0. This vulnerability affects unknown code of the file /register.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 10:15:00 GMT

read more

CVE-2025-5647 - Radare2 Radiff2 Memory Corruption Vulnerability

CVE ID : CVE-2025-5647
Published : June 5, 2025, 9:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in Radare2 5.9.9 and classified as problematic. This issue affects the function r_cons_context_break_pop in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 09:15:00 GMT

read more

CVE-2025-5648 - Radare2 Buffer Overflow in r_cons_pal_init

CVE ID : CVE-2025-5648
Published : June 5, 2025, 9:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 09:15:00 GMT

read more

CVE-2025-5649 - SourceCodester Student Result Management System Remote Access Control Bypass

CVE ID : CVE-2025-5649
Published : June 5, 2025, 9:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability classified as critical has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /admin/core/new_user of the component Register Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 09:15:00 GMT

read more

Soldes drsquo;été : 7 conseils pour éviter les cyber-arnaques

Durant les périodes promotionnelles, Cybermalveillance.gouv.fr appelle à la plus grande vigilance et délivre 7 conseils pour éviter de se faire escroquer.

Thu, 05 Jun 2025 09:00:00 GMT

read more

Lettres drsquo;information

Actualités, contenus et ressources thématiques pour vous sensibiliser aux risques numériques et aux bonnes pratiques associées, informations sur les cybermenaces… Retrouvez dans cette section les lettres d’informations de Cybermalveillance.gouv.fr.

Thu, 05 Jun 2025 09:00:00 GMT

read more

CVE-2025-5645 - Radare2 r_cons_pal_init Memory Corruption Vulnerability

CVE ID : CVE-2025-5645
Published : June 5, 2025, 8:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 08:15:00 GMT

read more

CVE-2025-5646 - "Radare2 Rainbow Free Memory Corruption Vulnerability"

CVE ID : CVE-2025-5646
Published : June 5, 2025, 8:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability has been found in Radare2 5.9.9 and classified as problematic. This vulnerability affects the function r_cons_rainbow_free in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 08:15:00 GMT

read more

CVE-2025-5641 - "Radare2 Memory Corruption Vulnerability in r_cons_is_breaked Function"

CVE ID : CVE-2025-5641
Published : June 5, 2025, 7:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function r_cons_is_breaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". An additional warning regarding threading support has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 07:15:00 GMT

read more

CVE-2025-5642 - Radare2 radiff2 Memory Corruption Vulnerability

CVE ID : CVE-2025-5642
Published : June 5, 2025, 7:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 07:15:00 GMT

read more

CVE-2025-5643 - "Radare2 Local Memory Corruption Vulnerability"

CVE ID : CVE-2025-5643
Published : June 5, 2025, 7:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 07:15:00 GMT

read more

CVE-2025-5644 - Radare2 Use After Free Vulnerability in r_cons_flush Function

CVE ID : CVE-2025-5644
Published : June 5, 2025, 7:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 07:15:00 GMT

read more

CVE-2025-5683 - Qt QImage ICNS Format Image File Buffer Overflow

CVE ID : CVE-2025-5683
Published : June 5, 2025, 6:15 a.m. | 8 hours, 13 minutes ago
Description : When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-3055 - WordPress User Frontend Pro File Deletion Vulnerability

CVE ID : CVE-2025-3055
Published : June 5, 2025, 6:15 a.m. | 6 hours, 38 minutes ago
Description : The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_avatar_ajax() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-5639 - PHPGurukul Notice Board System SQL Injection Vulnerability

CVE ID : CVE-2025-5639
Published : June 5, 2025, 6:15 a.m. | 6 hours, 38 minutes ago
Description : A vulnerability was found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-5640 - "PX4-Autopilot MavlinkReceiver Stack-Based Buffer Overflow Vulnerability"

CVE ID : CVE-2025-5640
Published : June 5, 2025, 6:15 a.m. | 6 hours, 38 minutes ago
Description : A vulnerability was found in PX4-Autopilot 1.12.3. It has been classified as problematic. This affects the function MavlinkReceiver::handle_message_trajectory_representation_waypoints of the file mavlink_receiver.cpp of the component TRAJECTORY_REPRESENTATION_WAYPOINTS Message Handler. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-3054 - WordPress WP User Frontend Pro Plugin Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-3054
Published : June 5, 2025, 6:15 a.m. | 6 hours, 13 minutes ago
Description : The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note that this requires the 'Private Message' module to be enabled and the Business version of the PRO software to be in use.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-1793 - AWS Run-llama SQL Injection Vulnerability

CVE ID : CVE-2025-1793
Published : June 5, 2025, 5:15 a.m. | 7 hours, 13 minutes ago
Description : Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 05:15:00 GMT

read more

CVE-2025-5636 - PCMan FTP Server Buffer Overflow Vulnerability

CVE ID : CVE-2025-5636
Published : June 5, 2025, 5:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SET Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 05:15:00 GMT

read more

CVE-2025-5637 - PCMan FTP Server SYSTEM Command Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5637
Published : June 5, 2025, 5:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 05:15:00 GMT

read more

CVE-2025-5638 - PHPGurukul Notice Board System SQL Injection Vulnerability

CVE ID : CVE-2025-5638
Published : June 5, 2025, 5:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability has been found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 05:15:00 GMT

read more

CVE-2025-5633 - Content Management System and News-Buzz SQL Injection Vulnerability

CVE ID : CVE-2025-5633
Published : June 5, 2025, 4:15 a.m. | 6 hours, 37 minutes ago
Description : A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/users.php. The manipulation of the argument delete leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 04:15:00 GMT

read more

CVE-2025-5634 - PCMan FTP Server NOOP Command Handler Buffer Overflow

CVE ID : CVE-2025-5634
Published : June 5, 2025, 4:15 a.m. | 6 hours, 37 minutes ago
Description : A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component NOOP Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 04:15:00 GMT

read more

CVE-2025-5635 - PCMan FTP Server PLS Command Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5635
Published : June 5, 2025, 4:15 a.m. | 6 hours, 37 minutes ago
Description : A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component PLS Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 04:15:00 GMT

read more

CVE-2025-5632 - Content-Management-System News-Buzz SQL Injection Vulnerability

CVE ID : CVE-2025-5632
Published : June 5, 2025, 4:15 a.m. | 6 hours, 12 minutes ago
Description : A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument change_to_admin leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 04:15:00 GMT

read more

CVE-2025-5629 - Tenda AC10 HTTP Handler PPTP Server Buffer Overflow Vulnerability

CVE ID : CVE-2025-5629
Published : June 5, 2025, 3:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-5630 - D-Link DIR-816 Remote Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5630
Published : June 5, 2025, 3:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-5631 - Content Management System and News-Buzz SQL Injection Vulnerability

CVE ID : CVE-2025-5631
Published : June 5, 2025, 3:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been classified as critical. Affected is an unknown function of the file /publicposts.php. The manipulation of the argument post leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-48432 - Apache Django Log Injection Vulnerability

CVE ID : CVE-2025-48432
Published : June 5, 2025, 3:15 a.m. | 5 hours, 53 minutes ago
Description : An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-49466 - AERC Directory Traversal Vulnerability

CVE ID : CVE-2025-49466
Published : June 5, 2025, 3:15 a.m. | 5 hours, 53 minutes ago
Description : aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-5628 - SourceCodester Food Menu Manager Cross Site Scripting (XSS)

CVE ID : CVE-2025-5628
Published : June 5, 2025, 2:15 a.m. | 6 hours, 53 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 02:15:00 GMT

read more

CVE-2025-5626 - Campcodes Online Teacher Record Management System SQL Injection

CVE ID : CVE-2025-5626
Published : June 5, 2025, 1:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability classified as critical has been found in Campcodes Online Teacher Record Management System 1.0. Affected is an unknown function of the file /admin/edit-subjects-detail.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

CVE-2025-5627 - "Code-projects Patient Record Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5627
Published : June 5, 2025, 1:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /sputum_form.php. The manipulation of the argument itr_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

CVE-2025-49008 - Atheos Command Injection Vulnerability

CVE ID : CVE-2025-49008
Published : June 5, 2025, 1:15 a.m. | 5 hours, 13 minutes ago
Description : Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of `escapeshellcmd()` in `/components/codegit/traits/execute.php` allows argument injection, leading to arbitrary command execution. Atheos administrators and users of vulnerable versions are at risk of data breaches or server compromise. Version 6.0.4 introduces a `Common::safe_execute` function that sanitizes all arguments using `escapeshellarg()` prior to execution and migrated all components potentially vulnerable to similar exploits to use this new templated execution system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

CVE-2025-5624 - "D-Link DIR-816 Stack-Based Buffer Overflow Vulnerability"

CVE ID : CVE-2025-5624
Published : June 5, 2025, 1:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

CVE-2025-5625 - Campcodes Online Teacher Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5625
Published : June 5, 2025, 1:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /search-teacher.php. The manipulation of the argument searchteacher leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

Cybermois 2025

Le Mois européen de la cybersécurité est une initiative européenne (ENISA)
qui vise à sensibiliser aux cybermenaces et aux bons réflexes pour s’en protéger.
En France, il est piloté par Cybermalveillance.gouv.fr

Thu, 05 Jun 2025 01:11:00 GMT

read more

« Histoire de Cyber » : engagez-vous pour le Cybermois 2025

Et si vous deveniez acteur du Cybermois 2025 ? Nous vous invitons à vous engager et à prendre part à une action citoyenne en relayant la campagne de sensibilisation « Histoire de Cyber » tout au long du mois d’octobre. Rejoignez la mobilisation nationale : inscrivez-vous dès maintenant…

Thu, 05 Jun 2025 01:09:00 GMT

read more

Cybermois 2025 : kit de communication

Vous souhaitez communiquer sur le Cybermois 2025 auprès de vos publics, éditer les supports du Cybermois à vos couleurs ou réutiliser des contenus de sensibilisation ? Nous vous mettons à disposition différents outils incluant.

Thu, 05 Jun 2025 01:05:00 GMT

read more

CVE-2025-5620 - D-Link DIR-816 OS Command Injection Vulnerability

CVE ID : CVE-2025-5620
Published : June 5, 2025, 12:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 00:15:00 GMT

read more

CVE-2025-5621 - D-Link DIR-816 OS Command Injection Vulnerability

CVE ID : CVE-2025-5621
Published : June 5, 2025, 12:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 00:15:00 GMT

read more

CVE-2025-5622 - D-Link DIR-816 Wireless Stack-Based Buffer Overflow

CVE ID : CVE-2025-5622
Published : June 5, 2025, 12:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 00:15:00 GMT

read more

CVE-2025-5623 - D-Link DIR-816 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5623
Published : June 5, 2025, 12:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 00:15:00 GMT

read more

CVE-2025-5618 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5618
Published : June 4, 2025, 11:15 p.m. | 7 hours, 13 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. This vulnerability affects unknown code of the file /admin/edit-team.php. The manipulation of the argument teamid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-5619 - Tenda CH22 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5619
Published : June 4, 2025, 11:15 p.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-49007 - Apache Rack Denial of Service Vulnerability

CVE ID : CVE-2025-49007
Published : June 4, 2025, 11:15 p.m. | 6 hours, 13 minutes ago
Description : Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. Version 3.1.16 contains a patch for the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-5616 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5616
Published : June 4, 2025, 11:15 p.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-5617 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5617
Published : June 4, 2025, 11:15 p.m. | 6 hours, 13 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown part of the file /admin/manage-teams.php. The manipulation of the argument teamid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-5690 - PostgreSQL Anonymizer Mask Data Read Bypass

CVE ID : CVE-2025-5690
Published : June 4, 2025, 10:15 p.m. | 7 hours, 13 minutes ago
Description : PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 22:15:00 GMT

read more

CVE-2025-5613 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5613
Published : June 4, 2025, 10:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This issue affects some unknown processing of the file /request-details.php. The manipulation of the argument requestid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 22:15:00 GMT

read more

CVE-2025-5614 - PHPGurukul Online Fire Reporting System SQL Injection

CVE ID : CVE-2025-5614
Published : June 4, 2025, 10:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 22:15:00 GMT

read more

CVE-2025-5615 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5615
Published : June 4, 2025, 10:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /details.php. The manipulation of the argument requestid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 22:15:00 GMT

read more

CVE-2025-5612 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5612
Published : June 4, 2025, 9:15 p.m. | 7 hours, 12 minutes ago
Description : A vulnerability has been found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This vulnerability affects unknown code of the file /reporting.php. The manipulation of the argument fullname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-46341 - FreshRSS HTTP Auth Header Impersonation Vulnerability

CVE ID : CVE-2025-46341
Published : June 4, 2025, 9:15 p.m. | 5 hours, 12 minutes ago
Description : FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse proxy, it's possible to impersonate any user either via the `Remote-User` header or the `X-WebAuth-User` header by making specially crafted requests via the add feed functionality and obtaining the CSRF token via XPath scraping. The attacker has to know the IP address of the proxied FreshRSS instance and the admin's username, while also having an account on the instance. An attacker can send specially crafted requests in order to gain unauthorized access to internal services. This can also lead to privilege escalation like in the demonstrated scenario, although users that have setup OIDC are not affected by privilege escalation. Version 1.26.2 contains a patch for the issue.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-48947 - Auth0 Next.js SDK Cache-Control Header Missing Vulnerability

CVE ID : CVE-2025-48947
Published : June 4, 2025, 9:15 p.m. | 5 hours, 12 minutes ago
Description : The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, `__session` cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for someone to be affected by the vulnerability: Applications using the NextJS-Auth0 SDK, versions between 4.0.1 to 4.6.0, applications using CDN or edge caching that caches responses with the Set-Cookie header, and if the Cache-Control header is not properly set for sensitive responses. Users should upgrade auth0/nextjs-auth0 to v4.6.1 to receive a patch.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-5610 - CodeAstro Real Estate Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5610
Published : June 4, 2025, 9:15 p.m. | 5 hours, 12 minutes ago
Description : A vulnerability, which was classified as critical, has been found in CodeAstro Real Estate Management System 1.0. Affected by this issue is some unknown functionality of the file /submitpropertydelete.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-5611 - CodeAstro Real Estate Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5611
Published : June 4, 2025, 9:15 p.m. | 5 hours, 12 minutes ago
Description : A vulnerability, which was classified as critical, was found in CodeAstro Real Estate Management System 1.0. This affects an unknown part of the file /submitpropertyupdate.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-5608 - Tenda AC18 Buffer Overflow Vulnerability

CVE ID : CVE-2025-5608
Published : June 4, 2025, 8:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 20:15:00 GMT

read more

CVE-2025-5609 - Tenda AC18 Buffer Overflow Vulnerability

CVE ID : CVE-2025-5609
Published : June 4, 2025, 8:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 20:15:00 GMT

read more

CVE-2025-32015 - FreshRSS Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-32015
Published : June 4, 2025, 8:15 p.m. | 3 hours, 27 minutes ago
Description : FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `